The Essence of MCP
The Model Context Protocol (MCP) is rapidly establishing itself as an open standard for how AI-driven tools connect to data sources and external services. By standardizing bidirectional connections between agents and the systems they act on, MCP lays the groundwork for agent commerce (a-commerce), in which AI agents automate and negotiate commercial transactions on a user's behalf.
Originally developed by Anthropic and now supported by OpenAI, MCP is designed to streamline how developers build AI applications that can seamlessly access and utilize data from various sources. The protocol’s architecture is straightforward, allowing developers to expose their functionalities through MCP servers or build MCP clients that can connect to these servers to leverage available capabilities.
From a technical standpoint, an MCP server is the gateway through which a developer exposes tools and other capabilities. AI agents reach those servers through MCP clients, discover what is available, and invoke it as needed. The exchange runs over JSON-RPC 2.0: when a client asks a server what tools it offers (the tools/list method), the server returns each tool's name, a natural-language description, and a JSON Schema for its input, which is what lets the model work out how to call it. When the agent decides to use a tool, the client sends a tools/call request carrying the tool name and an arguments object; the server executes the tool and returns the result, or an error, in the response.
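The discovery and invocation exchange described above, as an added example that is not part of the original article, the MCP specification, or any MCP SDK: a minimal in-process server that answers tools/list and tools/call with the JSON-RPC 2.0 message shapes MCP defines, and the client calls that drive it. The maps_distance tool, its schema, and the argument checker are constructed here to stand in for the Google Maps server's distance tool; the check is a hand-rolled subset of JSON Schema, not a full validator.

```python
import json
import math
from typing import Any

# Added example (not the official MCP SDK): a minimal in-process MCP-style tool
# server and the client calls that drive it, using the JSON-RPC 2.0 shapes MCP
# defines for tools/list and tools/call. maps_distance is a constructed stand-in.

def distance_km(origin_lat: float, origin_lng: float,
                dest_lat: float, dest_lng: float) -> dict:
    """Great-circle distance (haversine, R = 6371 km) between two coordinates."""
    for lat in (origin_lat, dest_lat):
        if not -90 <= lat <= 90:
            raise ValueError(f"latitude out of range: {lat}")
    for lng in (origin_lng, dest_lng):
        if not -180 <= lng <= 180:
            raise ValueError(f"longitude out of range: {lng}")
    p1, p2 = math.radians(origin_lat), math.radians(dest_lat)
    dphi, dlam = p2 - p1, math.radians(dest_lng - origin_lng)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return {"distance_km": round(2 * 6371.0 * math.asin(math.sqrt(a)), 2)}

# Tool registry: the metadata advertised by tools/list plus the local handler.
TOOLS: dict[str, dict[str, Any]] = {
    "maps_distance": {
        "description": "Great-circle distance in km between two coordinates",
        "inputSchema": {
            "type": "object",
            "properties": {"origin_lat": {"type": "number"}, "origin_lng": {"type": "number"},
                           "dest_lat": {"type": "number"}, "dest_lng": {"type": "number"}},
            "required": ["origin_lat", "origin_lng", "dest_lat", "dest_lng"],
        },
        "handler": distance_km,
    },
}
JSON_TYPES = {"string": str, "number": (int, float), "integer": int,
              "boolean": bool, "object": dict, "array": list}

def validate_arguments(schema: dict, args: dict) -> list[str]:
    """Hand-rolled JSON Schema subset: required keys present, declared types
    match, no undeclared keys. Enforced server-side, never trusted to the model."""
    errors, props = [], schema.get("properties", {})
    for key in schema.get("required", []):
        if key not in args:
            errors.append(f"missing required argument '{key}'")
    for key, value in args.items():
        if key not in props:
            errors.append(f"undeclared argument '{key}'")
            continue
        want = props[key]["type"]
        # bool is a subclass of int in Python, so True must not pass as a number
        if (isinstance(value, bool) and want != "boolean") or not isinstance(value, JSON_TYPES[want]):
            errors.append(f"argument '{key}' must be {want}")
    return errors

def _error(rid: Any, code: int, message: str) -> str:
    return json.dumps({"jsonrpc": "2.0", "id": rid, "error": {"code": code, "message": message}})

def handle_request(raw: str) -> str:
    """Server side: dispatch one JSON-RPC request and return the response."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, -32700, "parse error")
    rid, method = req.get("id"), req.get("method")
    if method == "tools/list":
        tools = [{"name": n, "description": t["description"], "inputSchema": t["inputSchema"]}
                 for n, t in TOOLS.items()]
        return json.dumps({"jsonrpc": "2.0", "id": rid, "result": {"tools": tools}})
    if method == "tools/call":
        params = req.get("params") or {}
        name, args = params.get("name"), params.get("arguments") or {}
        tool = TOOLS.get(name)
        if tool is None:
            return _error(rid, -32602, f"unknown tool '{name}'")
        problems = validate_arguments(tool["inputSchema"], args)
        if problems:
            return _error(rid, -32602, "; ".join(problems))
        try:
            result = tool["handler"](**args)
        except ValueError as exc:
            # Tool-level failures go back in-band with isError so the model can
            # see and react to them; protocol errors are reserved for bad requests.
            return json.dumps({"jsonrpc": "2.0", "id": rid, "result": {
                "content": [{"type": "text", "text": str(exc)}], "isError": True}})
        return json.dumps({"jsonrpc": "2.0", "id": rid, "result": {
            "content": [{"type": "text", "text": json.dumps(result)}], "isError": False}})
    return _error(rid, -32601, f"method not found: {method}")

def list_tools() -> list[dict]:
    """Client side: discover the server's tools and their input schemas."""
    raw = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/list"})
    return json.loads(handle_request(raw))["result"]["tools"]

def call_tool(name: str, arguments: dict, rid: int = 2) -> dict:
    """Client side: invoke a tool; returns the parsed JSON-RPC response."""
    raw = json.dumps({"jsonrpc": "2.0", "id": rid, "method": "tools/call",
                      "params": {"name": name, "arguments": arguments}})
    return json.loads(handle_request(raw))

if __name__ == "__main__":
    print([t["name"] for t in list_tools()])
    print(call_tool("maps_distance", {"origin_lat": 48.8566, "origin_lng": 2.3522,
                                      "dest_lat": 51.5074, "dest_lng": -0.1278}))
```

The point to notice is where the checking happens: the server validates the model-supplied arguments against the schema it advertised before anything touches the underlying API, and tool failures come back in-band (isError) rather than as protocol errors, so the model can react to them. Calling with a string for origin_lng, or with a missing coordinate, gets a -32602 invalid-params error rather than a half-formed API call.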
The Significance of MCP: Enabling Interoperability, Coordination, and Ecosystems
The significance of MCP lies in its ability to provide a standardized way for tools and agents to communicate and exchange information about users, tasks, data, and goals. This standardization yields numerous benefits, including:
- Interoperability: MCP allows different AI models, assistants, and external applications to share context, making it easier to integrate multiple AI-driven tools and services. This interoperability eliminates silos between different systems, enabling them to work together synergistically toward common objectives.
- Coordination: MCP facilitates the coordination of tasks between various AI agents and external applications, ensuring they work together smoothly without duplicating efforts or requiring repetitive user input. By coordinating tasks, MCP enhances efficiency and productivity, optimizing AI-driven processes.
- Ecosystem: Standards like MCP allow third-party developers to build plugins or tools that can easily ‘speak the same language’ as AI assistants, accelerating ecosystem growth. This standardization promotes innovation and collaboration, leading to a plethora of scalable AI functionalities and applications.
For example, a Google Maps MCP server exposes seven tools: converting an address to coordinates and coordinates back to an address, searching for places, getting details about a place, calculating the distance (and travel time) between places, getting elevation data, and getting directions. These tools show how MCP can give an agent uniform access to a diverse range of services and data, supporting a wide variety of use cases in AI-driven applications.
Agent Commerce: MCP’s Transformative Impact
Organizations interested in MCP include retailers, banks, and others looking to develop their own AI capabilities so that their agents can interact with customer agents. For instance, Walmart’s U.S. operations are building their own agents to interact with consumer agents to provide recommendations or additional product information. Concurrently, consumer agents can provide information, such as preferences, to retailer agents.
Banks and retailers want customer agents to interact with retailer agents rather than using web pages or APIs to get the services they want. Frank Young summarized this dynamic well, suggesting that organizations offer APIs to support simple processes using the current infrastructure (e.g., subscriptions), but for the cutting edge of agent commerce (negotiation, fraud response, optimization), implement MCP servers to capture these complex, high-value scenarios.
Security Challenges of MCP
While the vision of agent commerce is compelling, it is crucial to address the security concerns associated with MCP to ensure its secure, reliable, and cost-effective deployment. MCP's core specification does not define how servers and clients mutually authenticate each other. Its authorization extension for HTTP transports is built on OAuth 2.1, but that covers only a client's access to a server; it says nothing about how a server verifies the agent behind the client, nor about how authorization is delegated through to the downstream APIs that the tools wrap. This gap could open the door to malicious agents masquerading as legitimate entities, unauthorized access to sensitive data, or the initiation of malicious activities.
One approach to addressing these security concerns is to have MCP servers validate agent credentials against some form of registry, the basic KYC (Know Your Customer) of AI, so that only trusted agents get in. This could be a precursor to a more sophisticated Know Your Agent (KYA) infrastructure, which would provide more robust authentication and authorization mechanisms.
Since MCP servers are managed by independent developers and contributors, there is no centralized platform to audit, enforce, or validate security standards. This decentralized model increases the potential for inconsistent security practices, making it difficult to ensure that all MCP servers adhere to secure development principles. Additionally, MCP servers lack a unified package management system, which complicates the installation and maintenance process, increasing the likelihood of deploying outdated or misconfigured versions. The use of unofficial installation tools across different MCP clients further introduces variability in server deployment, making it difficult to maintain consistent security standards.
MCP also has no standard framework for counterparty authentication and authorization: no mechanism to verify who the other party is or to govern what it may do, which makes fine-grained permissions hard to enforce. As Andreessen Horowitz points out, because MCP lacks a permissions model and leans on OAuth, a session with a tool is either fully accessible or fully blocked, and the complexity only grows as more agents and tools are introduced. Something more is needed; one candidate is a policy decision point (PDP), a component that evaluates access control policies. Given inputs such as the identity of the actor, the action, the resource, and the context, it returns an allow or deny decision.
Mike Schwartz, founder of the cybersecurity startup Gluu, asserts that while a PDP used to be heavyweight infrastructure running on servers or mainframes, PDPs built on the open-source Cedar policy language are small and fast enough to run embedded in mobile apps and should evolve into a critical component of the agent AI stack. AWS open-sourced Cedar in 2023, after extensive research in automated reasoning; the language is designed so that policies can be formally analyzed. Importantly, Cedar is deterministic: given the same inputs, you always get the same answer. Determinism is needed to build trust in a security control, and trust comes from seeing it do the same thing again and again. As Mike states, a Cedar-based embeddable PDP checks all the boxes for agent AI.
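What a PDP decision looks like in practice, as an added example written for this page (it is not Gluu's, AWS's, or Cedar's own code): a few dozen lines of Python that reproduce Cedar's decision rule, with the three policies spelled out in Cedar syntax in the header comment and mirrored as Python objects. The agent, group, tool and context attribute names (shopper-42, trusted_agents, place_order, amount_usd, wallet_verified) are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Added example, not the Cedar engine: a small embeddable policy decision point
# (PDP) that reproduces Cedar's decision rule (any matching forbid wins;
# otherwise some permit must match; otherwise deny). Names are constructed.
# The Cedar text the three policies below mirror:
#   permit(principal in Group::"trusted_agents", action == Action::"callTool", resource in ToolSet::"read_only");
#   permit(principal in Group::"trusted_agents", action == Action::"callTool", resource == Tool::"place_order")
#     when { context.amount_usd <= context.price_cap_usd };
#   forbid(principal, action == Action::"callTool", resource == Tool::"place_order")
#     unless { context.wallet_verified };

@dataclass(frozen=True)
class Entity:
    type: str
    id: str

# Constructed entity hierarchy: the groups/sets each entity belongs to.
PARENTS: dict[Entity, set[Entity]] = {
    Entity("Agent", "shopper-42"): {Entity("Group", "trusted_agents")},
    Entity("Tool", "maps_geocode"): {Entity("ToolSet", "read_only")},
}

def is_in(entity: Entity, ancestor: Entity) -> bool:
    """Transitive membership (Cedar's `in`); the hierarchy is acyclic by construction."""
    return entity == ancestor or any(is_in(p, ancestor) for p in PARENTS.get(entity, ()))

def eq(target: Entity) -> Callable[[Entity], bool]:
    return lambda e: e == target
def member_of(group: Entity) -> Callable[[Entity], bool]:
    return lambda e: is_in(e, group)
def any_entity(_: Entity) -> bool:
    return True

@dataclass
class Policy:
    id: str
    effect: str                                   # "permit" or "forbid"
    principal: Callable[[Entity], bool] = any_entity
    action: Callable[[Entity], bool] = any_entity
    resource: Callable[[Entity], bool] = any_entity
    when: Callable[[dict], bool] = lambda ctx: True

@dataclass
class Request:
    principal: Entity
    action: Entity
    resource: Entity
    context: dict

@dataclass
class Decision:
    allow: bool
    reasons: list   # ids of the policies that determined the outcome
    errors: list    # policies skipped because their condition could not be evaluated

def authorize(req: Request, policies: list[Policy]) -> Decision:
    """Pure function of its inputs: the same request and policies always yield
    the same decision, which is the determinism the text calls for."""
    permits, forbids, errors = [], [], []
    for p in policies:
        try:
            matched = (p.principal(req.principal) and p.action(req.action)
                       and p.resource(req.resource) and p.when(req.context))
        except (KeyError, TypeError, AttributeError) as exc:
            # A condition that cannot be evaluated (e.g. a missing context
            # attribute) never grants access: it is recorded, not guessed at.
            errors.append(f"{p.id}: {exc!r}")
            continue
        if matched:
            (permits if p.effect == "permit" else forbids).append(p.id)
    if forbids:
        return Decision(False, forbids, errors)
    if permits:
        return Decision(True, permits, errors)
    return Decision(False, [], errors)            # default deny

CALL_TOOL = Entity("Action", "callTool")
TRUSTED = Entity("Group", "trusted_agents")
POLICIES = [
    Policy("trusted-agents-read-only", "permit", principal=member_of(TRUSTED),
           action=eq(CALL_TOOL), resource=member_of(Entity("ToolSet", "read_only"))),
    Policy("order-within-price-cap", "permit", principal=member_of(TRUSTED),
           action=eq(CALL_TOOL), resource=eq(Entity("Tool", "place_order")),
           when=lambda ctx: ctx["amount_usd"] <= ctx["price_cap_usd"]),
    Policy("no-order-without-wallet-auth", "forbid",
           action=eq(CALL_TOOL), resource=eq(Entity("Tool", "place_order")),
           when=lambda ctx: not ctx.get("wallet_verified", False)),
]

def decide(agent: str, tool: str, context: dict) -> Decision:
    """An agent asks to call a tool under the given context."""
    req = Request(Entity("Agent", agent), CALL_TOOL, Entity("Tool", tool), context)
    return authorize(req, POLICIES)

if __name__ == "__main__":
    print(decide("shopper-42", "maps_geocode", {}))
    print(decide("shopper-42", "place_order",
                 {"amount_usd": 350, "price_cap_usd": 400, "wallet_verified": False}))
```

Three properties carry over from Cedar: the decision is a pure function of principal, action, resource and context, so it is deterministic; a forbid always wins over a permit; and a policy whose condition cannot be evaluated (here, a missing amount_usd) is recorded as an error and never grants access. Put a check like this in front of tools/call and the all-or-nothing session the text describes becomes a per-call, context-aware decision.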
A New Beginning for MCP
This is not just e-commerce under a new name. As Jamie Smith points out, when you tell your agent ‘find a hotel in Paris for under $400 with a view of the Eiffel Tower,’ it is not just going to Google Search. It will package that request with your authenticated credentials (from your digital wallet), payment preferences, loyalty programs, and so on, together with constraints such as price caps, date ranges, and loyalty tiers. This ‘structured context payload’ is sent to the travel sites that are capable of responding to and interacting with your agent.
Unlike e-commerce, which was built on top of the internet without a security layer (and therefore no digital currencies and no digital identities), agent commerce will be built on top of infrastructure that provides real security to market participants. Putting this secure infrastructure in place is a golden opportunity for fintechs and other startups looking to offer digital currencies and digital identities as core components. As identification, authentication, and authorization mechanisms around MCP are standardized, there is no reason not to expect rapid acceleration of agent commerce in the mass market.
As MCP security concerns are addressed and standardization efforts are completed, agent commerce has the potential to revolutionize how we conduct commercial transactions. By leveraging the power of AI agents to automate and enhance various processes, agent commerce promises to improve efficiency, convenience, and personalization, creating new opportunities for both businesses and consumers.
Ultimately, MCP represents a transformative shift toward a more secure, efficient, and AI-centric future of commerce, one that will redefine how businesses interact with customers and how they operate.